I am not able to redirect traffic from one NLB to another NLB


Hi, my scenario is that I have two VPCs, one public and one private. I want to route from the NLB of the public VPC to the NLB of the private VPC using an endpoint service and an endpoint. I first created one server that has httpd installed and pointed my private NLB to that server, which is in the private VPC. Then I created an endpoint service for this private NLB and created an endpoint for this endpoint service in the public VPC. After registering this endpoint with the endpoint service, I created the public NLB and used this endpoint IP in its target group. But I still do not get any output when I hit the DNS of my public NLB. Please note that a transit gateway is already configured, and I have checked connectivity by curl from the public instance to the private instance server.

I want to understand what other configuration I have missed. Please let me know if you know anything about this use case.

1 Answer

If you are using PrivateLink then a transit gateway is not needed. Connectivity between the VPCs is certainly not required, as PrivateLink provides private connectivity between virtual private clouds (VPCs).

Some things to check:

  1. In your public VPC, your NLB is internet-facing
  2. In your public VPC, your NLB is on a public subnet
  3. Your NACLs in the subnets allow bi-directional traffic
  4. Your security groups on the endpoints need to allow traffic from the NLB IP addresses in the public VPC
answered 13 days ago
  • Thanks for the reply Gary. For the NACL part I have allowed all for both inbound and outbound. For the 4th point I have allowed all traffic in the endpoint security group.

    The rest of the points I have already followed.

  • During your testing, what parts work? i.e. connecting to the endpoint service in the public VPC; connecting to the NLB within the public VPC. See if we can't try and narrow the issue down.

  • When I hit the endpoint service DNS from my public instance, which is in the public VPC, I get a reply. But when I try to create the target group for the public NLB, I have used the IP of the interface endpoint, and it shows as unhealthy even though I have accepted the connection in the endpoint service. Also, the SG of the interface endpoint allows all traffic. It seems like only the target group of the public NLB is not able to connect with the interface endpoint DNS.
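The four checks in the answer above, turned into a small evaluator over describe-* style data. This is an added example, not code from the thread or from AWS; the dict field names follow the output of `aws elbv2 describe-load-balancers`, `aws ec2 describe-route-tables`, `describe-network-acls` and `describe-security-groups`, and all IPs, subnet and gateway IDs below are constructed sample values.

```python
import ipaddress

def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def subnet_is_public(subnet_id, route_tables):
    # Check 2: route table (explicit association, else the VPC main table) sends 0.0.0.0/0 to an IGW
    rts = [rt for rt in route_tables if any(a.get("SubnetId") == subnet_id
                                            for a in rt["Associations"])]
    rts = rts or [rt for rt in route_tables if any(a.get("Main") for a in rt["Associations"])]
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("GatewayId", "")
               .startswith("igw-") for rt in rts[:1] for r in rt["Routes"])

def nacl_allows(nacl, ip, port, egress):
    # Check 3: the lowest RuleNumber matching direction, CIDR and port decides; else implicit deny
    for e in sorted(nacl["Entries"], key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange", {"From": 0, "To": 65535})
        if e["Egress"] == egress and _in_cidr(ip, e["CidrBlock"]) and (
                e["Protocol"] == "-1" or pr["From"] <= port <= pr["To"]):
            return e["RuleAction"] == "allow"
    return False

def sg_allows_from(sg, src_ip, port):
    # Check 4: the endpoint ENI's security group must admit each NLB node IP on the listener port
    return any((p["IpProtocol"] == "-1" or (p["IpProtocol"] == "tcp"
                and p["FromPort"] <= port <= p["ToPort"]))
               and any(_in_cidr(src_ip, r["CidrIp"]) for r in p.get("IpRanges", []))
               for p in sg["IpPermissions"])

def run_checklist(lb, route_tables, nacl, sg, nlb_node_ips, endpoint_ip, port=80):
    # NACLs are stateless: egress to endpoint:port plus ingress replies to an ephemeral port (>= 1024)
    return {
        "internet_facing": lb["Scheme"] == "internet-facing",  # check 1
        "public_subnets": all(subnet_is_public(az["SubnetId"], route_tables)
                              for az in lb["AvailabilityZones"]),
        "nacl_bidirectional": nacl_allows(nacl, endpoint_ip, port, True)
                              and nacl_allows(nacl, endpoint_ip, 1024, False),
        "sg_allows_nlb": all(sg_allows_from(sg, ip, port) for ip in nlb_node_ips)}

# Constructed sample in the question's shape: public NLB in subnet-pub1 targeting the interface
# endpoint IP 10.1.1.20 on port 80; the endpoint SG admits only one NLB node IP, so check 4 fails.
LB = {"Scheme": "internet-facing", "AvailabilityZones": [{"SubnetId": "subnet-pub1"}]}
ROUTE_TABLES = [{"Associations": [{"SubnetId": "subnet-pub1"}], "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0placeholder"}]}]
NACL = {"Entries": [{"RuleNumber": 100, "Egress": eg, "Protocol": "-1",
                     "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"} for eg in (True, False)]}
SG = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                         "IpRanges": [{"CidrIp": "10.1.0.10/32"}]}]}
REPORT = run_checklist(LB, ROUTE_TABLES, NACL, SG, ["10.1.0.10", "10.1.0.11"], "10.1.1.20")
```

Feed it the real describe-* JSON for the public NLB's subnets and the endpoint ENI's security group, with the NLB node private IPs from `describe-network-interfaces`, and any `False` in the report points at the item on the list to fix.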
